Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
Department of Agriculture (USDA) Final Rule: Removing Reference to SAM (System for Award Management) Managed Identifier (SAMMI) - On May 13, USDA published a Final Rule to remove references to SAMMI which became obsolete...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
In October 2023, the federal government released a Proposed Rule aimed at incorporating new cybersecurity reporting requirements into the Federal Acquisition Regulation (FAR). In this second installment of PilieroMazza’s...more
The U.S. Department of Homeland Security (DHS) has issued comprehensive cybersecurity regulations aimed at protecting Controlled Unclassified Information (CUI). These regulations were long-awaited, as the original proposed...more
Cybersecurity has been an important topic for many years now, yet the government has struggled with how to flow down cybersecurity obligations to its supply chain. The Department of Defense’s (DOD) Cybersecurity Maturity...more
The U.S. Department of Veterans Affairs (VA) released a final rule, effective February 24, 2023, amending the VA’s Acquisition Regulation (VAAR) to impose new cybersecurity procedures and processes to protect sensitive VA...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more
On October 5, 2022, the Department of Defense (DOD), in compliance with Section 889 of the National Defense Authorization Act for Fiscal Year 2019, released an updated list (Blacklist) of banned People’s Republic of China...more
The Canadian Institute’s 11th Annual Forum on U.S. Export & Re-Export Compliance for Canadian Operations will take place in Toronto on January 25–27! IN-PERSON and LIVESTREAM options available. Over the last decade, this...more
The US Department of Justice (DOJ) recently announced plans to use the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors, subcontractors and grant recipients, including for providing...more
The Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) requirements are coming, impacting DOD contractors big and small. This important new certification, if responded to proactively, will help...more
Now that DOD has released the final version of the Cybersecurity Maturity Model Certification (CMMC) guidelines, all contractors that work directly or indirectly on Department of Defense (DOD) contracts should be preparing to...more
- DoD has released the final version of the CMMC framework. - DoD anticipates that CMMC requirements will appear in a limited number of solicitations starting in October 2020 and that they will appear in all DoD...more
The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense...more
Whistleblower programs that previously focused on traditional concerns such as accounting and FCPA issues should now consider expanding to incorporate company IT and information security teams and account for data protection...more
With increasing cybersecurity obligations placed on government contractors come expanding legal risks. Bid protests challenging agency evaluations of offerors' abilities to meet cybersecurity solicitation criteria are...more
A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes...more
The Department of Defense (DOD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DOD contractors...more
The government requires contractors and subcontractors to protect the systems upon which government-related data reside or through which such data pass. Failure to comply with current Federal Acquisition Regulation (FAR)...more
This article summarizes some of the many risks and implications that are associated with failing to comply with U.S. government-unique cyber and information technology requirements. We are often asked by small and...more
The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more
On August 26, 2015, the Department of Defense (DoD) published a long-awaited Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to require “rapid” reporting of “cyber incidents” that result in...more